If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Ok, sorry, that was a little blunt. I'm not attacking individuals here, but I AM singling out an attitude and manner of discussion lately that involves less of the proper intelligent debate and more of the fanboi bitch-n-moan-a-rama stance.

Ethics is not an exact science. Neither are communications or human interactions. I had a lengthy discussion with someone recently because he felt I was belittling him for of a certification he holds. Here's the root of the issue:

Original internal email that has been purged to protect the guilty, sent Friday the 17thJust some beer-30 musings from me on the Certified Ethical Hacker credential
from the EC-Council. http://www.eccouncil.org/CEHFAQ.htm

I have been considering testing for this fancy cert that means 'Trained
Pentester', for quite some time now. I was curious what the internet
consensus was on this cert, and found this blunt assessment from P.J.
Connoly at InfoWorld. While I somewhat agree with his sentiment of 'real
world experience is more valuable than certification', I also actually LIVE
in that real world and recognize that experience with NO certifications
makes you a MUCH harder sell to a client or employer. Experience must to be
tempered on the anvil of certification. (catchy, eh?)

But the point of this is his statement about the EC-Council's semantics,
which follows:
"But pretending to "certify" someone as ethical is
downright dishonest. It's one thing to give a character
reference to someone you know personally or
professionally. It's another to claim they'll behave
ethically under every conceivable situation."

That really strikes home with me, being a former police officer and public
servant who swore an oath to defend and uphold the Consitution of the United
States, as well as the Laws, Charters, and Ordinances of my state and city,
and to defend life and liberty within our borders.

I'm not knocking anyone in our org who holds a CEH; personally, I'm a tad
jealous that you could legitimately put the word 'hacker' on your biz card and
smirk when your boss questions it. I'm still pondering if this certification of
knowledge and skill is what I would want to present to a client. But I do have
a problem with any business, non-profit or not, certifying others as 'ethical'.

To paraphrase one of my favorite David Spade/Chris Farley movies, "If you
want me to take a dump in a box and mark it guaranteed, I will. But for you
and your customer's sake, ya might wanna think about buying a quality item."

So he got all offended that I was saying he is worthless because he took some (very hard...his words) test and I don't think he's worth a damn. He got all of those personal attacks from the body of the email above. I don't know how, but that is what he felt.

"Hacker" is a word that is here to stay, and it will be (mis-)used by the press and individuals until it falls out of popular favor. What it means varies from who used it to what venue they uttered it in. How we use it to evoke a reaction from our audience will also vary.

How we choose to interpret a symbol is of pivotal importance. The problems in this world are oft rooted in miscommunications and a failure to heed the needs of our opponent.

Call yourself a hacker, a cracker, a fat-boy-slim macker. I don't care. I will try to recognize your perspective and position, and what your intent by using such symbols. In doing so I am bound to make mistakes, but I will *TRY*. But please recognize that I am one of many, many other individuals in this world who must also make an attempt to see your point of view...and most of them wont give a rats ass.

One man's hacker is another's savior. And a thirds terrorist. And a fourth's holy warrior. Ethics is a slippery slope of perspective, definition, morals, and personal judgement. CopyRight can take over this discussion now, if you are interested in pursuing the philosophy of ethics.

Intentions are not always obvious. Tools are not inherently 'evil' or 'good'. An attack may come from a compromised host, whose oblivious owner has nothing but good will for you.

Let's be careful before we start using labels, and judging others based on labels. It does more harm than we realize.

&lt;/tree hugging rant&gt;

"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --SpafAnyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

I hope that my post's inclusion doesn't mean you think I'm a fanboi of Firefox I like it, and use it pretty much exclusively, but I was just trying to point out my issues with the approach that Symantec took in making the comparison. As has been pointed out to me by yourself and another AntiOnline vet, I didn't really get that point across very well (what can I say, I'm still n00b-tastic).

I agree though, people seem to be getting all caught up in semantics about what they are or aren't. Its silly :P

\"The future stretches out before us, uncharted. Find the open road and look back with a sense of wonder. How pregnant this moment in time. How mysterious the path ahead. Now, step forward.\"
Phillip Toshio Sudo, Zen Computer
Have faith, but lock your door.

Originally posted here by WolfRune I hope that my post's inclusion doesn't mean you think I'm a fanboi of Firefox I like it, and use it pretty much exclusively, but I was just trying to point out my issues with the approach that Symantec took in making the comparison. As has been pointed out to me by yourself and another AntiOnline vet, I didn't really get that point across very well (what can I say, I'm still n00b-tastic).

I agree though, people seem to be getting all caught up in semantics about what they are or aren't. Its silly :P

Hey, no, as I said I'm not attacking individuals here. It's an attitude thing that I see over and over, and no I'm NOT accusing you of having it...my comment about "lets go back to banging rocks together" was more in the devils-advocate vein than anything...and obviously it didn't go over that way...thus, I prove my point above. :P

I can find many many many articles on the security of IE, windows, etc. And someone else could find as many, and more, for Linux, FreeBSD, etc. It's pointless. The key is that as a collective we don't act on the knowledge that the root of the problem is in default behavior, of the user, of the operating system, or the group. Without changing that default behavior, many of these problems will never really be solved. They'll be put off, bandaged, and grow back with bigger fangs.

"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --SpafAnyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

The key is that as a collective we don't act on the knowledge that the root of the problem is in default behavior, of the user, of the operating system, or the group.

Absolutely! Though I think that the change needs to be even more fundamental than changing the behaviour of users - humanity needs to stop being selfish & malicious.

But that's just my pipe dream. I think your method might be more workable

\"The future stretches out before us, uncharted. Find the open road and look back with a sense of wonder. How pregnant this moment in time. How mysterious the path ahead. Now, step forward.\"
Phillip Toshio Sudo, Zen Computer
Have faith, but lock your door.

Because you refered to it I will respond...maybe you missed the point of my side of the argument ( and maybe you didn't ) but...if you had read my posts the point I kept trying to get to was not ethics in regard to morality...but ethics in regard to property rights...I was not making a moral issue but an issue of general law...accepted social law...
what a hacker is was a secondary issue that kept creeping up.

I agree that ethics can seem to be a very gray area when it comes to morality...but morality wasn't even an issue at all...the issue I had was the excuses hackers use to justify violating another person's property rights.

and the fact remains...if it's not yours...you don't have any rights to it.

Eg

As for the statement regarding the blind area of attack...I clarified that in my posts as well...that I was not talking about that...in my snake analogy...
I was not talking about you putting a snake in the street ( accident or on purpose ) and it finding it's way into a home...I was specifically talking about the snake a person purposely puts in through a window.

Keep it coming, boys... I'm writing a 10-page essay on "ethical" hacking, it's due in 3 weeks, and I need some controversy!
I've been wanting to include some Antionline thread in my bibliography, but I couldn't find anything worthwhile - make sure this one becomes worthwhile!

You could write your essay on societal norms...do they apply to the internet?!

For instance we have an accepted principle of ' societal law ' that states...no one has the right to take, use, or manipulate another person's property without their consent...

I cannot enter your home, listen to your sterio, take your car, or relieve you of your use of your computer...without your approval...as it is recognized that these items are yours and not mine...

so...by societal law...does a hacker, even one with good intentions, have the right to breach these norms?...does not societal law extend to the internet?...the computer is still in your home, it is still yours, how many rights are you willing to concede?

If you liken your car as your computer and a highway as the internet...when you're sitting in your car at home going BBrrrrrrrOOOOOOmmmm BBrrrrrrrOOOOOOMmmmmm ( and we know you do ) you're not connected and you're fine...but as soon as you access that highway...do all of your rights still apply? Can I access your car and take control of it remotely...ethically?

well, i have something to add. ethics is hard to be implemented, humans now have become more materialistic than ever(the future will be worse).do they teach you morality in school?sorry if in your country you are taught, but in my country they dont. but we should realize that in religion, morality and ethics are important, so if you are a good christian/moslem/jew/buddhist etc then you have ethics or self-conscience towards others rights.sorry for provoking the issue about religion..

I thought that guys wanting to write on this subject might want to include a bit of the history?

Back then "hacker" wasn't a "bad" word, and all of them were "ethical" to some degree.

Cheers,

Johnno

If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?

Umm no... it was and still is very lame. Because you know its one thing to smoke pot but then its another thing to pretend your some "free thinking" and very hip, beatnik. Agian, I say people who toss the H-word around are just a bunch of self important *******s.